ejabberd mod_multicast won't allow relaying - ejabberd

I am using the latest (commit 9574e71e8db595ce7b2fa2f8fbfc38deec2ad74b) version of ejabberd and tries to make the mod_multicast module work, but I'm failing.
I have this:
modules:
mod_multicast:
host: "multicast.cego.dk"
allow: all
which I believe should work, however I get this response when sending a massage:
<message from="multicast.cego.dk"
to="robert78#komogvind.dk/13809541201432712492488165"
type="error">
<addresses xmlns="http://jabber.org/protocol/address">
<address type="to"
jid="betatester01#komogvind.dk"/>
<address type="to"
jid="robert78#komogvind.dk"/>
<body>
Hello, World!
</body>
</addresses>
<error code="403"
type="auth">
<forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">
Packet relay is denied by service policy
</text>
</error>
</message>
Why is this?
I also tried with 'allow: admin' and 'allow: multicast' and then defining a multicast acl as described in the documentation but all attempts fail.
The "multicast.cego.dk" service shows up in service discovery and I can query it with service discovery.

At the moment, ejabberd only support multicasting to local user and does not support relaying.
I created a feature request for you on ejabberd ticket tracker:
https://github.com/processone/ejabberd/issues/583

Related

How do setup mod_http_upload in ejabberd

In ejabberd 18.01-2, installed in lxc container Ubuntu 18.04 Bionic LTS using apt, I'm trying to setup mod_http_upload.
In the section listen, I have
listen:
-
port: 5444
module: ejabberd_http
tls: true
request_handlers:
"/upload": mod_http_upload
In the configuration file, commented port was 5444, however, in the current documentation, it is 5443, so I am not sure which one is right.
In the modules section, I have
modules:
mod_http_upload:
host: "upload.ejabberd.forumanalogue.fr"
max_size: infinity
thumbnail: true
put_url: "https://ejabberd.forumanalogue.fr:5444/upload"
docroot: "/ejabberd/upload"
When I start the service, I can see an odd message in the logs
2019-11-11 21:02:35.287 [warning] <0.367.0>#ejabberd_pkix:handle_call:255 No certificate found matching 'upload.ejabberd.forumanalogue.fr': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
It is strange because I have a signed wildcard certificate.
certfiles:
- "/etc/letsencrypt/live/forumanalogue.fr/*.pem"
I can see the service with my client (Gajim) but when I try to send a file to another local account, I receive an error Access denied by service policy, see the complete log:
<iq xml:lang='en' to='foo#forumanalogue.fr/gajim.HCLJ4BZI' from='upload.ejabberd.forumanalogue.fr' type='error' id='1dd35274-90e9-4b3b-9608-0fab59afe34e'>
<request xmlns='urn:xmpp:http:upload'>
<filename>a.out</filename>
<size>27232</size>
<content-type>application/octet-stream</content-type>
</request>
<error code='403' type='auth'>
<forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Access denied by service policy</text>
</error>
</iq>
I had to enable debug logging in order to see something. It is quite verbose, but I think that the relevant part, which is non redundant with the client message, is
2019-11-11 20:53:08.329 [debug] <0.501.0>#mod_http_upload:process_slot_request:544 Denying HTTP upload slot request from foo#forumanalogue.fr/gajim.HCLJ4BZI
Thank you for your help.
I tried with ejabberd 18.01, a configuration similar to yours, and it works for me.
Looking at the source code, that "process_slot_request:544 " error means that the account attempting to use the upload feature is not allowed by the "local" Access rule in the vhost it sended it to. Probably it's a remote account. Remote to that upload service. In other words, the service upload.whatever can only be used by accounts like user12#whatever.
In your case, you are attempting to use upload.ejabberd.forumanalogue.fr from account foo#forumanalogue.fr, which is not local to that upload service.
Several ideas, I hope one of them suits your specific setup:
A) don't mess with vhosts. If it's forumanalogue.fr, keep it that everywhere
B) use #HOST# in host and put_url options
C) Or if you really want to mess with hosts, then add Access rights so accounts in that vhost are considered "local" to the upload service.

ejabberd contribution mod_apns does not work

I have added mod_apns to my ejabberd server. You can find this module here.
my ejabberd.yml configuration is like this:
mod_apns:
address: "gateway.sandbox.push.apple.com"
port: 2195
certfile: "/Applications/ejabberd-15.10/conf/cert.pem"
keyfile: "/Applications/ejabberd-15.10/conf/key.pem"
password: "myPassword"
the address is sandbox since I am still in development phase. And I have tested my cert.pem and key.pem and they are valid and working.
I send my device token to ejabberd server like this:
<iq type="set" to="myEjabberdServer.com">
<register xmlns="https://apple.com/push">
<token>myDeviceTokenWithoutAnySpace</token>
</register>
</iq>
I can see my device token is saved in apns_users database.
But I still do not get notifications when my user is offline.
Am I doing anything wrong?
Does it work with gateway.sandbox.push.apple.com?
should my device token be without space and only characters?
I appreciate your help..
You have asked for an alternate approach. This alternate approach takes the process of triggering push notifications by the ejabberd server.
1. Use the mod_interact library. This will provide you an ability to transfer your messages to another url.
2. From there on you can use the direct HTTP call for push notifications

Http requests to CEP

I installed the CEP ( Proton ) through the official documentation, https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/CEP_GE_-_IBM_Proactive_Technology_Online_Installation_and_Administration_Guide
After that, I watched this recommended video to learn more about CEP. https://edu.fiware.org/pluginfile.php/653/mod_resource/content/1/CEP-Tutorial.mp4
But I can't check engine instance state, because appears this error in response:Could not read instance state, message: Error activating jmx proxy:
It seems that JMX is not properly configured.
As described in the installation guide, in the Apache Tomcat users configuration file you need to add manager-jmx role, and add it to the manager user name:
<tomcat-users>
...
<role rolename="manager-jmx" />
<user username="manager" password="manager" roles="manager-gui,manager-status,manager-script,manager-jmx" />
...
</tomcat-users>
You need to enable JMX access on Apache Tomcat, by adding it to CATALINA_OPTS, as described in the installation guide.
You also need to specify the JMX service port in the ProtonAdmin.properties file, as described in the same installation guide.

Mule SMTP not sending any mails

I have configured the outbound endpoint to the best of my knowledge but still the component is not able to send any mail.
I am using the latest Studio 3.7 to develop and the latest run-time
<smtp:outbound-endpoint host="smtp.gmail.com" port="465" user="aaa%40gmail.com" password="password" connector-ref="Gmail" to="zhk%40gmail.com" from="aaa%40gmail.com" subject="TestMessage" responseTimeout="10000" doc:name="SMTP" mimeType="text/plain" bcc="xyz%40gmail.com" cc="xyz%40gmail.com">
<reconnect/>
</smtp:outbound-endpoint>
Please note that this does not throw any errors .
<smtp:gmail-connector name="Gmail" contentType="text/plain" validateConnections="true" doc:name="Gmail"/>
<smtp:outbound-endpoint host="${smtp.host}" port="${smtp.port}" user="${smtp.from.address}" password="${smtp.from.password}"
to="${smtp.to.address}" from="${smtp.from.address}" subject="${mail.success.subject}" responseTimeout="10000"
doc:name="SuccessEmail" connector-ref="Gmail"/>
smtp.host=smtp.gmail.com
smtp.port=587
smtp.from.address=youremail%40gmail.com
smtp.from.password=yourpassword
smtp.to.address=yourtoaddress#gmail.com
I think the port 587 should do the trick
This configuration is a tested/working configuration :)
On the security tab of your SMTP component, enable SMTPS. Then try again.
If won't work, try removing '#gmail.com' on your user.

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM’

I have an ASP.NET web application written in VB.NET. One part of the application makes an AJAX call to an internal ASMX file which in turn makes a call to a remote web service which is just a single ASMX file. Normally this works fine and has been deployed a couple of times and works fine. One client however, is getting the message from the AJAX call:
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'NTLM’.
I have scoured a large amount of websites trying to fix this but I can’t seem to find any answer that works for me.
I have been unable to replicate the error on my test server, which is the same as the client, Win2003 IIS6.
The remote web service is deployed on Windows 2008 r2 – IIS7.5. The remote service is deployed using ‘Anonymous’ authentication only. The client deployment is set up with Anonymous and ‘Integrated Windows Authentication’. I have tried changing the authentication levels on both implementations but cannot replicate the issue. The closest I have come is when I set the remote service IIS authentication to
The HTTP request is unauthorized with client authentication scheme
'Ntlm'. The authentication header received from the server was ''.
In the web.config file the reference to the remote service is:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SVCMappingSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://svc.website.com/services/myService.asmx" binding="basicHttpBinding" bindingConfiguration="SVCMappingSoap" contract="SVCMappingService.SVCMappingSoap" name="SVCMappingSoap"/>
</client>
</system.serviceModel>
I have tried changing a number of the setting in the <security> section but still unable to replicate.
I am not sure of your total server setup.
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
</security>
instead of above one please try with below configuration
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
please go through below links, you can more idea on those and you can change the config based on your requirements:
http://blogs.msdn.com/b/publicsector/archive/2005/10/19/482833.aspx
http://fczaja.blogspot.com/2009/10/http-request-is-unauthorized-with.html
http://ddkonline.blogspot.com/2009/11/fix-http-request-is-unauthorized-with.html
I had to change the default generated
<security mode="Transport"/>
into
<security mode="Transport" >
<transport clientCredentialType="Ntlm"/>
</security>
One more comment for this problem:
If you are not using HTTPS,
<security mode="Transport"/>
is not supported. You can use
<security mode="TransportCredentialOnly">
instead.